VYPR
Vendor

Naver

Products
13
CVEs
35
Across products
37
Status
Private

Products

13

Recent CVEs

35
View all 35 CVEs →
  • CVE-2020-9752CriMar 23, 2020
    risk 0.64cvss 9.8epss 0.01

    Naver Cloud Explorer before 2.2.2.11 allows the attacker can move a local file in any path on the filesystem as a system privilege through its named pipe.

  • CVE-2024-40618CriJul 11, 2024
    risk 0.62cvss 9.6epss 0.00

    Whale browser before 3.26.244.21 allows an attacker to execute malicious JavaScript due to improper sanitization when processing a built-in extension.

  • CVE-2020-9753CriMay 20, 2020
    risk 0.59cvss 9.1epss 0.01

    Whale Browser Installer before 1.2.0.5 versions don't support signature verification for Flash installer.

  • CVE-2020-9751CriMar 3, 2020
    risk 0.59cvss 9.1epss 0.00

    Naver Cloud Explorer before 2.2.2.11 allows the system to download an arbitrary file from the attacker's server and execute it during the upgrade.

  • CVE-2021-33591HigMay 28, 2021
    risk 0.57cvss 8.8epss 0.02

    An exposed remote debugging port in Naver Comic Viewer prior to 1.0.15.0 allowed a remote attacker to execute arbitrary code via a crafted HTML page.

  • CVE-2018-9859HigJun 16, 2018
    risk 0.53cvss 8.1epss 0.01

    The path of Whale update service was unquoted in NAVER Whale before 1.0.40.7. This vulnerability can be used for persistent privilege escalation if it's available to create an executable file with System privilege by other vulnerable applications.

  • CVE-2026-8148HigMay 8, 2026
    risk 0.51cvss 7.8epss 0.00

    NAVER MYBOX Explorer for Windows before 3.0.11.160 allows a local attacker to escalate privileges to NT AUTHORITY\SYSTEM via registry manipulation due to improper privilege checks.

  • CVE-2022-24077HigJun 13, 2022
    risk 0.51cvss 7.8epss 0.00

    Naver Cloud Explorer Beta allows the attacker to execute arbitrary code as System privilege via malicious DLL injection.

  • CVE-2018-12449HigOct 11, 2018
    risk 0.51cvss 7.8epss 0.01

    The Whale browser installer 0.4.3.0 and earlier versions allows DLL hijacking.

  • CVE-2019-13157HigNov 22, 2019
    risk 0.49cvss 7.5epss 0.02

    nsGreen.dll in Naver Vaccine 2.1.4 allows remote attackers to overwrite arbitary files via directory traversal sequences in a filename within nsz archive.

  • CVE-2019-13156HigSep 3, 2019
    risk 0.49cvss 7.5epss 0.01

    NDrive(1.2.2).sys in Naver Cloud Explorer has a stack-based buffer overflow, which allows attackers to cause a denial of service when reading data from IOCTL handle.

  • CVE-2022-24073HigMar 17, 2022
    risk 0.46cvss 7.1epss 0.01

    The Web Request API in Whale browser before 3.12.129.18 allowed to deny access to the extension store or redirect to any URL when users access the store.

  • CVE-2022-24075MedMar 17, 2022
    risk 0.42cvss 6.5epss 0.01

    Whale browser before 3.12.129.18 allowed extensions to replace JavaScript files of the HWP viewer website which could access to local HWP files. When the HWP files were opened, the replaced script could read the files.

  • CVE-2024-50583MedOct 25, 2024
    risk 0.41cvss 6.3epss 0.00

    Whale browser Installer before 3.1.0.0 allows an attacker to execute a malicious DLL in the user environment due to improper permission settings.

  • CVE-2016-5060MedDec 13, 2016
    risk 0.40cvss 6.1epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in nGrinder before 3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) description, (2) email, or (3) username parameter to user/save.

  • CVE-2020-9754MedJun 27, 2022
    risk 0.35cvss 5.3epss 0.01

    NAVER Whale browser mobile app before 1.10.6.2 allows the attacker to bypass its browser unlock function via incognito mode.

  • CVE-2021-33593MedNov 2, 2021
    risk 0.35cvss 5.3epss 0.01

    Whale browser for iOS before 1.14.0 has an inconsistent user interface issue that allows an attacker to obfuscate the address bar which may lead to address bar spoofing.

  • CVE-2018-12448MedAug 2, 2018
    risk 0.35cvss 5.3epss 0.01

    Whale Browser before 1.3.48.4 displays no URL information but only a title of a web page on the browser's address bar when visiting a non-http page, which allows an attacker to display a malicious web page with a fake domain name.

  • CVE-2018-7635MedJul 3, 2018
    risk 0.35cvss 5.3epss 0.01

    Whale Browser before 1.0.41.8 displays no URL information but only a title of a web page on the browser's address bar when visiting a blank page, which allows an attacker to display a malicious web page with a fake domain name.

  • CVE-2022-24071MedJan 28, 2022
    risk 0.28cvss 4.3epss 0.01

    A Built-in extension in Whale browser before 3.12.129.46 allows attackers to compromise the rendering process which could lead to controlling browser internal APIs.